Vulnerability Description
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
CVSS Score
3.5
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 4.1.0, < 4.1.9 |
| Fedoraproject | Fedora | 38 |
Related Weaknesses (CWE)
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=2264099Issue Tracking
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://moodle.org/mod/forum/discuss.php?d=455641Vendor Advisory
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=2264099Issue Tracking
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://moodle.org/mod/forum/discuss.php?d=455641Vendor Advisory
FAQ
What is CVE-2024-25983?
CVE-2024-25983 is a vulnerability with a CVSS score of 3.5 (LOW). Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
How severe is CVE-2024-25983?
CVE-2024-25983 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-25983?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle, Fedoraproject Fedora.